Malicious Requests Detection with Improved Bidirectional Long Short-term Memory Neural Networks

TL;DR

This paper introduces a novel deep learning model combining CNN and BiLSTM layers to improve detection of malicious network requests, outperforming existing methods on a standard dataset.

Contribution

The paper proposes a new CNN-BiLSTM-CNN model that enhances malicious request detection by integrating convolutional and recurrent neural networks for better feature extraction.

Findings

Outperforms state-of-the-art methods on CSIC 2010 dataset

Improves malicious feature extraction through layered convolutional and LSTM architecture

Demonstrates robustness against sophisticated attack patterns

Abstract

Detecting and intercepting malicious requests are one of the most widely used ways against attacks in the network security. Most existing detecting approaches, including matching blacklist characters and machine learning algorithms have all shown to be vulnerable to sophisticated attacks. To address the above issues, a more general and rigorous detection method is required. In this paper, we formulate the problem of detecting malicious requests as a temporal sequence classification problem, and propose a novel deep learning model namely Convolutional Neural Network-Bidirectional Long Short-term Memory-Convolutional Neural Network (CNN-BiLSTM-CNN). By connecting the shadow and deep feature maps of the convolutional layers, the malicious feature extracting ability is improved on more detailed functionality. Experimental results on HTTP dataset CSIC 2010 have demonstrated the effectiveness of the proposed method when compared with the state-of-the-arts.